EU Mandates Exclusion of Huawei, ZTE from Critical Infrastructure by Early 2026

The European Union is formalizing a legislative measure that will legally mandate the exclusion of suppliers deemed "high-risk," specifically naming Chinese technology firms Huawei and ZTE, from the bloc's critical infrastructure. This action, scheduled to take legal effect on January 20, 2026, converts previous voluntary guidelines into binding restrictions across all 27 member states, marking a significant tightening of the EU's digital security policy amidst ongoing geopolitical considerations.

The European Commission is expected to unveil the specific revisions to the existing Cybersecurity Act on that date, shifting the framework from recommendations to enforced compliance. The scope of this mandatory exclusion is broad, extending beyond the widely discussed 5G mobile networks to encompass other vital sectors, including security scanners and solar energy systems, where Chinese components are currently prevalent. Officials have noted that dependency in the energy sector is substantial, with over 90% of solar panels installed within the EU manufactured in China.

Under the new mandate, national authorities within member states will gain the power to impose mandatory restrictions and oversee a structured phase-out of the implicated equipment. The exact timeline for removal will depend on a multi-factor assessment, weighing the assessed risk level, the specific sector, implementation costs, and the proven availability of alternative suppliers. This decisive regulatory shift aligns with earlier, more stringent actions taken by the United States, which banned new equipment sales and imports from Huawei and ZTE in 2022, citing national security concerns.

This initiative is part of the EU's wider strategy to re-evaluate technological dependencies, seeking to balance infrastructure security against reliance on both dominant US technology firms and the designated Chinese high-risk suppliers. Telecom operators across the bloc have expressed concerns regarding potential adverse effects on consumer prices and the operational expenses associated with forced equipment replacements. Conversely, the move is anticipated to offer a competitive advantage to European rivals such as Ericsson and Nokia, who have advocated for formal restrictions on high-risk vendors.

The legislative push is driven by concerns among some EU officials that equipment from these Chinese suppliers could potentially be exploited for collecting sensitive data from European networks. The European Commission's proposal seeks to standardize security across the Union, as fragmented national solutions were deemed insufficient for achieving market-wide coordination and trust. Despite objections from the Chinese government regarding market principles and fair competition, the EU is asserting its strategic priority for digital sovereignty and supply chain security through this finalized mandate.